Cisco Nexus 5000 Series Switch Fabric Manager Software Configuration Guide, NX-OS 4.0 (OL-16598-01, June 2008)

Chapter 23: Configuring FC-SP and DHCHAP
Fibre Channel Security Protocol (FC-SP) capabilities provide switch-to-switch and host-to-switch
authentication to overcome security challenges for enterprise-wide fabrics. Diffie-Hellman Challenge
Handshake Authentication Protocol (DHCHAP) is an FC-SP protocol that provides authentication
between Nexus 5000 Series switches and other devices. DHCHAP consists of the CHAP protocol
combined with the Diffie-Hellman exchange.
This chapter includes the following sections:
Information About Fabric Authentication
DHCHAP
Default Settings
Information About Fabric Authentication
All Nexus 5000 Series switches enable fabric-wide authentication from one switch to another switch, or
from a switch to a host. These switch and host authentications are performed locally or remotely in each
fabric. As storage islands are consolidated and migrated to enterprise-wide fabrics, new security
challenges arise. The approaches used to secure storage islands cannot always be guaranteed in
enterprise-wide fabrics. For example, in a campus environment with geographically distributed switches,
someone could maliciously interconnect incompatible switches, or you could accidentally do so,
resulting in Inter-Switch Link (ISL) isolation and link disruption.